Forum Discussion

Nimbostratus

5 years ago

Cookie Does Not Contain The "secure" Attribute on ltm vip

Our security team reported that multiple vulnerabilities has been detected on one of VIP: 1.2.3.4 (on BIG-IP LTM v12.1.2 version.) Please refer the list as below 1.Cookie Does Not Contain The...

application delivery

ASM Advanced WAF

F5 Distributed Cloud WAAP

Nacreous

5 years ago

Hi,

If you don't use cookie persistence profile, you need to configure the BIG-IP ASM to use secure and HttpOnly cookie flag.

Check in your ASM Policy configuration, Security ›› Application Security : Headers : Cookies List ›› Edit Cookie

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cookie Does Not Contain The "secure" Attribute on ltm vip

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

F5 System Scanner - How I deployed it at scale

What configuration issue am I experiencing with this 130-domain VS ?

Ivanti MDM Core & F5 LTM/ASM with mTLS

F5 BIGIP & XC certbot plugin

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

Related Content

F5 Partner Solution Showcase - "ImmuniWeb - Application Security Testing and Remediation"

LockBit, Pwc2Own, AI, "Othello is solved" Oct30th to Nov5th, 2023 F5 SIRT This Week in Security

How I did it - "Securing NVIDIA’s Morpheus AI Framework with NGINX Plus Ingress Controller”

How I did it - "Securing Nvidia Triton Inference Server with NGINX Plus Ingress Controller”

Add SameSite attribute to APM Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS